evidence eliminator
no2like
09-29-2002, 04:03 PM
I just started using this software V 5.00
it tells me that another program is writing to drive C
I don't know of any. I checked start up and there is nothing in there.
How does one find out if another program is open?
Budfred
09-29-2002, 04:52 PM
Generally if another program is running, it should be listed in Task Manager. You press Ctrl-Alt-Delete once and it should give you a list of what is running and the option to End Task if you want to close anything. You can find out what the programs are here:
http://www.pacs-portal.co.uk/startup_pages/startup_full.htm
Budfred
Paul Komski
09-29-2002, 05:24 PM
Interesting Program. Nearly warrants a thread in its own right. But who is telling the truth:-
http://evidence-eliminator-sucks.com/eesucks/
or...
http://www.evidence-eliminator.com/dis-information.d2w
Without having looked any deeper, I bet EE5 doesn't clean up all the file slack. And is it or isn't it spyware/spamware???
Incidentally, the facility "startuplist" recommended by mjc at http://www.pcguide.com/vb/showthread.php?s=&threadid=16780&highlight=startup is also great for showing running applications; and these don't always exactly mirror those shown in the task manager.
Firstly, I do not like Evidence Eliminator...why?
Because of things like this:
"Your computer is displaying an IP address. With this address someone can attack you."
(That was a popup ad that I got the other night..I usually have popups disabled, for free, ads disabled for free, clean up web tracks for free....)
Clicking anywhere on the popup (including the x in the corner to close it) took me to the EE home page (what was displayed was a "frameless" window with no scrollbars or any bars, that was filled with a full size gif of a normal popup window), so what would normally be the window controls were actually part of the link.
Also the ad itself is preying upon a lack of understanding and it is fear-mongering....the only way your computer can't display an IP address is to not be connected to ANY network...(wait, no it would still display 127.0.0.1 if asked.....so it would have to be turned off!!!). To be connected to the internet you MUST have an IP (even if you use an anonymous proxy...it will still, in the server logs, contain your true IP), so you can be traceable or attackable to a point, if not to your machine.
The tactics used to market it, ads that I have personally seen like the one above, speak to me of sleazy marketing tactics, so much so that I do not trust any report of nefarious activity it reports...
A quick question...do you have "write behind caching" enabled?
Most likely you do, so you will always have "some application" writing to your hard drive. If it can't do any better than report "some application", which could very well be a normal part of Windows operation, it isn't worth the $0.20 the CD blank cost to put it on, let alone the full cost of the product!
As to finding out what is running, the first step is ctrl-alt-del, this will give you a hint of everything running.
To find out what starts when your machine does, the program Paul referenced, Startup List, will do that; and do it completely, using a program that is less than 50KB in size and completely free, no strings what-so-ever (it doesn't even "install" and makes no registry changes...)
For a more complete look, something like Process Explorer (http://www.sysinternals.com/ntw2k/freeware/procexp.shtml) (it will even show "hidden" windows)
(some of the above is my personal opinion, based on my own observations, not the writings of anyone else, nor on any formal reviews of the previously mentioned product)
The program that is writing to disk is Windows.
Swap files and/or pagefiles.
EE is a paranoid person's gambit.
If you want to remove all evidence of a file,
just install a file wipe program that will also wipe drive free space (write zeros to unused space).
no2like
09-30-2002, 11:49 AM
Thanks Rick for the info.
You talk about a file wipe program that also wipes drive free space.
What program might that be, if I may ask?
Thanks
I use Norton's WipeInfo to destroy files.
It can be set to write over a file's space on the HDD to the point even Uncle Sam can't recover it.
It is part of the Norton's SystemWorks utility package.
BTW it's one of the few programs in that package I still use.
Paul Komski
09-30-2002, 04:18 PM
If you really really want to make data on a HDD irrecoverable then the only way is to destruct the disk:-
http://www.computer-data-forensics-evidence-discovery.com/conclusion.htm
Paul
The only problem with that little idea is that it is NOT selective in what it destroys.
It, like the zero fill, will destroy everything on the disk.
With file destroy and WipeInfo you select what file to get rid of,
one at a time or a group of files.
The idea behind the wipe free space is to destroy the data files that were deleted in the past and not overwritten yet.
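Added illustration, not part of any poster's message: a toy Python model of a cluster-based volume showing why an ordinary delete leaves data on disk, what a free-space wipe removes, and why the file slack mentioned earlier in the thread survives it. The `ToyVolume` class, the 16-byte cluster size and the sample file contents are all constructed for this example and do not model any real filesystem or product.

```python
CLUSTER = 16  # bytes per cluster (constructed; tiny so the effect is visible)

class ToyVolume:
    def __init__(self, clusters):
        self.data = bytearray(clusters * CLUSTER)  # raw disk contents
        self.files = {}                            # name -> (clusters, length)
        self.free = list(range(clusters))          # unallocated cluster numbers

    def write(self, name, content):
        need = max(1, -(-len(content) // CLUSTER))  # ceiling division
        used = [self.free.pop(0) for _ in range(need)]
        for i, c in enumerate(used):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            # Only the file's own bytes are written; the rest of the last
            # cluster (the slack) keeps whatever was stored there before.
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.files[name] = (used, len(content))

    def delete(self, name):
        # Ordinary delete: forget the entry, free the clusters, keep the bytes.
        used, _ = self.files.pop(name)
        self.free = sorted(self.free + used)

    def wipe_free_space(self):
        # Zero every unallocated cluster; allocated clusters are not touched.
        for c in self.free:
            self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)

    def wipe_slack(self):
        # Zero the unused tail of each file's last cluster.
        for used, length in self.files.values():
            tail = length - (len(used) - 1) * CLUSTER
            start = used[-1] * CLUSTER + tail
            self.data[start:(used[-1] + 1) * CLUSTER] = bytes(CLUSTER - tail)

    def has(self, needle):
        return needle in bytes(self.data)

def demo():
    vol = ToyVolume(clusters=4)
    # Constructed sample: fills cluster 0 exactly, spills into cluster 1.
    vol.write("secret.txt", b"PIN=4921;padding" + b"KEY=abcdef")
    vol.delete("secret.txt")
    after_delete = (vol.has(b"4921"), vol.has(b"abcdef"))
    vol.write("note.txt", b"hi")  # reuses cluster 0; old bytes stay in slack
    vol.wipe_free_space()
    after_free_wipe = (vol.has(b"4921"), vol.has(b"abcdef"))
    vol.wipe_slack()
    after_slack_wipe = (vol.has(b"4921"), vol.has(b"abcdef"))
    return after_delete, after_free_wipe, after_slack_wipe
```

`demo()` returns, for each stage, whether the two remnants of the deleted file are still present in the raw volume: both after the delete, only the one sitting in slack after the free-space wipe, and neither after the slack is wiped too.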
Paul Komski
09-30-2002, 05:05 PM
LOL :D Rick I know where you're coming from, and for most users such utilities are adequate methods of eliminating "evidence".
However, even zero-fill or multiple random-pattern fills (or even degaussing) may not literally destroy the data to the point where no mask of the original data remains. For the ultra paranoid, the only way is to remove/destroy the disk platters themselves.
There is no way in the world that a company with really valuable R&D information on a HDD would use any of these utilities to "wipe" their drives clean in order to prevent espionage of the contents.
In my mind's eye I can see a random sprinkling of iron filings in one of those experiments at school. Stick a bar magnet underneath and they line themselves up. Stick the magnet at right angles and you won't get a total realignment of the original pattern, which was no longer random when the magnet worked on it the second time. I hope this is a good analogy. ;)